Where librarians and the internet meet: internet searching, Social Media tools, search engines and their development. These are my personal views.

June 14, 2013

Staying private and protected online

Unless you live under a rock, you'll know all about PRISM, the NSA's global data surveillance program. Added to that is the ghost at the monitor of the Draft Communications Data Bill, which is refusing to die, and may well make a come back at any point in the not too distant future. I'm not going to go into details about exactly what these things are; I've linked to some Wikipedia data about them, but I do want to discuss some of the things that you need to take into account both now, and potentially into the future regarding the data that you're sharing and methods you can use to make sure that you don't.

When you do just about anything on the internet, it can be tracked by someone and stored. This includes your internet searches, the adverts you click on, the mail that you read and send, your Facebook data (even if you have privacy options all turned on), phone calls made using Skype, anything you do on other social networks, Twitter accounts (even protected accounts are not secure), chat room messaging, online games that you play and the interactions you have on them, internet access via a smart tv or games console. Online transactions using PayPal, searching and checking for places on maps, cloud based storage, instant messaging, video conferencing, photograph sharing, document collaboration and more. Concerned? Yes, you should be. Now, some people say that 'if you're innocent you've got nothing to fear' but that's an entirely bogus argument. This type of survellance implies that we are all potential suspects in criminal activities, terrorism or worse, and we should object to that.

So, what can you do about it? You can find out what the government or any public body knows about you by submitting a Freedom of Information request. You can hide or disable your location on a mobile phone, remove yourself from the Electoral roll or check to see if you've been caught on camera, under the terms of the Data Protection Act and request to see footage of yourself. You can obviously do a lot more, and the Living off the grid site (though US biased) is an interesting place to get ideas. However, I'm more interested in the computer side of things, so that's what I'll focus on.

Browsing. Every site that you visit leaves a trace behind you, and it is held byr your internet service provider. You can overcome this by using a proxy - your browsing then gets scrambled, letting you conduct your business privately. Hide My Ass is a proxy service that lets you do just that. It's worth visiting the site because it explains in some detail exactly what it is, and what it does in easy none technical terms. Furthermore, dump Internet Explorer, Chrome and Safari, and start using Firefox or Tor. If that's not possible there are add-ons that you can install, such as HTTPS Everywhere, which is a Firefox and Chrome extension that encrypts your communications with many major websites, making your browsing more secure. You can find out more about how to fix tracking by taking a look at the very informative site put together by DuckDuckGo. It goes into great detail about scripts, cookies and so on, which I don't have the space or time to cover here. You could also use a 'Do not track' add-on and you can see what sites are tracking and can prevent it.

Searching. Forget the main stream engines, and head over to DuckDuckGo. Meanwhile traffic at the private search engines StartPage and
Ixquick has dramatically increased this week as Internet users react
to news of the PRISM data sharing program.

Emails. Use a tool called Mailvelope which is a browser add on for Chrome (Firefox shortly) that works with major email systems, and it lets you send encrypted email. You can also use a fake or temporary email address such as Trashmail which you can use to set up an email address which forwards mail to your real address, and can then delete itself. Alternatively use any of a number of temporary email addresses - I've got lists of them on my other blog which looks at tools and resources. Don't use Gmail, Outlook or Yahoo! Mail, but rather go for something like Bitmessage, or if you want something a bit simpler, Mozilla Thunderbird. You might also want to take a look at StartMail which is due to come onstream later this year.

Downloading. If you want to download material and ensure that both your privacy and location remain personal try out BTGuard (not related to BT) which gives you an anonymous IP address and encrypts your downloads. Alternatively, take a look at the OpenNIC project which works in a similar way.

Encryption. It's not as scary as it sounds since it's all automated for you, but it does allow you to store content safely and securely, if you're using things like Dropbox, Google Drive or Skydrive. BoxCryptor can keep your online files secure and Cryptocat encrypts any chats that you have in chatrooms. You could also use GNU privacy to
encrypt and sign your data and communications.

Social networking. Forget all the big players such as Facebook, LinkedIn, Twitter, Google+, and try Diaspora* instead.

That's just a few thoughts and ideas but it's just for starters. You can get more suggestions from Opt out of PRISM which illustrates what services you can trust and those that you can't. Also, the current issue (399) of ComputerActive magazine in the UK is another really good read, and I drew heavily on both sources to put this post together.